Skills
skills/bjesuiter/skills/jb-docs-scraper/Gen Agent Trust Hub

jb-docs-scraper

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • Unverifiable Dependencies (MEDIUM): The skill dynamically installs the crawl4ai package and Playwright binaries from external sources at runtime, which are not part of the trusted source whitelist.
  • Evidence: SKILL.md and references/scrape_docs.py recommend running uv run --with crawl4ai and playwright install.
  • Indirect Prompt Injection (LOW): The skill ingests untrusted data from the web and stores it in a format intended for AI context without sufficient protection.
  • Ingestion points: references/scrape_docs.py using AsyncWebCrawler.arun() to fetch content from user-provided URLs.
  • Boundary markers: Absent. The script writes the scraped markdown directly to files without adding delimiters or warning instructions for the LLM.
  • Capability inventory: The script performs file-system writes (Path.write_text) and network requests. The output is explicitly described as 'AI context', creating a direct path for ingested content to influence the agent's future actions.
  • Sanitization: Absent. Web content is converted to markdown and saved without filtering for potential malicious instructions targeted at an LLM.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 17, 2026, 06:38 PM